From f7f434ef36417211538359c4b0e01faf75cf77a4 Mon Sep 17 00:00:00 2001
From: Dengke Tang
Date: Thu, 5 Jun 2025 17:03:20 -0700
Subject: [PATCH 1/3] the stream ends with 0 length should also be skipped

---
 source/h2_frames.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/source/h2_frames.c b/source/h2_frames.c
index d047edc9..deffd4af 100644
--- a/source/h2_frames.c
+++ b/source/h2_frames.c
@@ -378,7 +378,6 @@ int aws_h2_encode_data_frame(
     /* Use a sub-buffer to limit where body can go */
     struct aws_byte_buf body_sub_buf =
         aws_byte_buf_from_empty_array(output->buffer + output->len + bytes_preceding_body, max_body);
-
     /* Read body into sub-buffer */
     if (aws_input_stream_read(body_stream, &body_sub_buf)) {
         *body_failed = true;
@@ -401,14 +400,14 @@ int aws_h2_encode_data_frame(
         if (body_sub_buf.len < body_sub_buf.capacity) {
             /* Body stream was unable to provide as much data as it could have */
             *body_stalled = true;
-
-            if (body_sub_buf.len == 0) {
-                /* This frame would have no useful information, don't even bother sending it */
-                goto handle_nothing_to_send_right_now;
-            }
         }
     }
 
+    if (body_sub_buf.len == 0 && !body_ends_stream) {
+        /* This frame would have no useful information, don't even bother sending it */
+        goto handle_nothing_to_send_right_now;
+    }
+
     ENCODER_LOGF(
         TRACE,
         encoder,

From 5c647b3d87f8537d415e23799dcff87581d5d58d Mon Sep 17 00:00:00 2001
From: Dengke Tang
Date: Thu, 5 Jun 2025 17:36:35 -0700
Subject: [PATCH 2/3] if it's stalled, also don't send the empty frame

---
 source/h2_frames.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/h2_frames.c b/source/h2_frames.c
index deffd4af..83a3961c 100644
--- a/source/h2_frames.c
+++ b/source/h2_frames.c
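Review bot: The comment kept above the new `goto handle_nothing_to_send_right_now` in the second hunk ("This frame would have no useful information") no longer describes the condition, which now deliberately lets a zero-length frame through when it ends the stream; a zero-length DATA frame carrying END_STREAM is the only way to close a stream that has no body and no trailers, so it is useful, and a reader of just the comment will think the exemption is a mistake. I would replace it with `/* An empty DATA frame is only worth sending when it closes the stream (END_STREAM on a zero-length frame ends a bodiless stream with no trailers); otherwise skip it */`. The same comment line is context in the PATCH 2/3 hunk, which rewrites the condition, so the wording applies there as well. Not emitting payload-less DATA frames without END_STREAM is also the right default from a robustness standpoint, since peers commonly treat a run of empty frames as abusive traffic. aws_h2_encode_data_frame starts and ends outside the hunk.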
@@ -403,7 +403,7 @@ int aws_h2_encode_data_frame(
         }
     }
 
-    if (body_sub_buf.len == 0 && !body_ends_stream) {
+    if (body_sub_buf.len == 0 && !(flags & AWS_H2_FRAME_F_END_STREAM)) {
         /* This frame would have no useful information, don't even bother sending it */
         goto handle_nothing_to_send_right_now;
     }

From ebb8363d65dbf60f6b3285bfc550fee5946e02d8 Mon Sep 17 00:00:00 2001
From: Dengke Tang
Date: Fri, 6 Jun 2025 11:51:44 -0700
Subject: [PATCH 3/3] update fuzz to avoid empty frame

---
 tests/fuzz/fuzz_h2_decoder_correct.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/fuzz/fuzz_h2_decoder_correct.c b/tests/fuzz/fuzz_h2_decoder_correct.c
index 4f71fa72..8c9c7c94 100644
--- a/tests/fuzz/fuzz_h2_decoder_correct.c
+++ b/tests/fuzz/fuzz_h2_decoder_correct.c
@@ -233,6 +233,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     /* Allow body to exceed available space. Data encoder should just write what it can fit */
     struct aws_input_stream *body = aws_input_stream_new_from_cursor(allocator, &input);
+    if (input.len == 0) {
+        /* In case of empty body, make sure the end stream flag to be set, other wise, no frames should be
+         * generated to decode. */
+        body_ends_stream = true;
+    }
     bool body_complete;
     bool body_stalled;
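Review bot: The rewritten condition also skips the frame when the body stream has finished with zero bytes but the stream does not end here (trailers follow): `flags` then lacks AWS_H2_FRAME_F_END_STREAM, `body_sub_buf.len` is 0, and control jumps to `handle_nothing_to_send_right_now`. Whether that label still reports `*body_complete = true` to the caller is not visible in this hunk; if it leaves it false, the caller would keep polling a body that has already ended, so this deserves a unit test with an empty body plus trailers, and, if the label does not propagate completion, the flag must be set before the `goto`. This presumes `flags` has END_STREAM set only once the body is actually complete, which is computed outside the hunk and worth confirming. The third patch's fuzz hunk sidesteps exactly this case by forcing `body_ends_stream = true` for empty input, so the fuzzer will not catch a regression here. aws_h2_encode_data_frame starts and ends outside the hunk.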